ID: 39118 Updated by: [EMAIL PROTECTED] Reported By: steve at mountainmedia dot com -Status: Open +Status: Bogus Bug Type: Class/Object related Operating System: Fedora Core 4/Linux 2.6.14.3 PHP Version: 5.1.6 New Comment:
Thank you for taking the time to write to us, but this is not a bug. Please double-check the documentation available at http://www.php.net/manual/ and the instructions on how to report a bug at http://bugs.php.net/how-to-report.php Previous Comments: ------------------------------------------------------------------------ [2006-10-10 16:11:15] steve at mountainmedia dot com Description: ------------ Private variables are accessible to the print_r function outside of the object. Even if one cannot access the variable directly, one could easily parse the output of print_r to grab private data from an object. Reproduce code: --------------- <? class Example { private $secret = "My secret"; public $notsecret = "Not my secret"; } $ex = new Example; $x = print_r ($ex, true); print $x; ?> Expected result: ---------------- I expected the private members to be invisible or replaced with something to indicate the lack of access such as <Private>. Actual result: -------------- Example Object ( [secret:private] => My secret [notsecret] => Not my secret ) Private variables are displayed and data is stored in the string variable $x which one could easily parse to get the value of secret:private. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=39118&edit=1